Systems Engineering Seminar
Systems Engineering Approach to Supporting the National Highway Traffic Safety Administration (NHTSA)
Investigation of Reported Toyota Motor Corporation (TMC) Unintended Acceleration (UA)
Mike Bay, GSFC/Code 422 Michael Kirsch, LaRC/NESC Principal Engineer
Oscar Gonzalez, Mitchell Davis, Michael Aguilar, and Robert Kichak
Tuesday, March 6, 2012, 1:00 p.m.
The NASA Engineering and Safety Center studied Toyota’s electronic throttle control system for vulnerabilities that might lead to unintended acceleration. This presentation describes the top-down systems engineering methodology employed to understand and explore vulnerabilities in the electronic throttle control system, and summarizes the study findings.
Mike Kirsch and Mike Bay will describe the NESC's study effort with support from GSFC study participants Oscar Gonzalez, Avionics Technical Discipline Fellow, Mitchell Davis, Michael Aguilar, and Robert Kichak.
The NASA Engineering and Safety Center (NESC) responded to a request by the National Highway Traffic Safety Administration (NHTSA) to study Unintended Acceleration (UA) in Toyotas. The goal of the study was to determine if there are design and implementation vulnerabilities in the Toyota Electronic Throttle Control System (ETCS-i) that could cause UA and whether those vulnerabilities, if substantiated, could realistically occur in consumers’ use of these vehicles.
Since no vehicle was identified that could naturally and repeatedly reproduce large throttle opening UA effects for forensic evaluation, the NESC team applied a top-down systems engineering approach to explore the critical functions in the electronic control, how the system might defend against failures, and if the system had vulnerabilities.
The ETCS-i architecture was decomposed into 6 critical functional areas, each with its own control loop. These control loops included safety features providing defenses against many hardware and software failure causes, such as transistor latch-up, electromagnetic interference, shorts, opens, single event upsets, memory failures, software glitches, etc.
NASA analysis and testing did not find evidence that malfunctions in the electronic throttle control caused large unintended accelerations, as described by some consumer reports.
The top-down methodology was able to disposition failure causes based on the architecture of the system. As space, aircraft and automobile systems become more interactively complex, defying our ability to predict specific failure causes and their system-level effects, the functional failures threatening safety and mission success need to be understood and mitigated at the system level, where all the individual parts and pieces interact.
Mike Bay -
Over the last 34 years Mike Bay has served on the development teams for many of GSFC's flight projects. He is a member of the NESC Avionics Technical Discipline Team and participated in the study of unintended acceleration in a systems engineering role.
Mike Kirsch -
Mike Kirsch is a Principal Engineer in the NASA Engineering and Safety Center. He served as the project manager for the NESC study to determine if there are design and implementation vulnerabilities in the Toyota Electronic Throttle Control System (ETCS-i) that could cause unintended acceleration under consumers’ use of the vehicle.